Thursday, February 24, 2022

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress. (CVSS:7.5) (Last Update:2022-02-24)
http://dlvr.it/SKc7NB

No comments:

Post a Comment

NFPs “inherently vulnerable” to cyber security attacks - Pro Bono Australia

NFPs “inherently vulnerable” to cyber security attacks  Pro Bono Australia http://dlvr.it/Sj0J6h